Sample code for 30+ languages & platforms
Tcl

Use HTTPS Client Certificate from .cer and .key Files

See more HTTP Examples

Demonstrates how to load a cert + private key from .cer and .key (base64) files and use it for mutual TLS authentication (client-side certificate).

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set http [new_CkHttp]

set cert [new_CkCert]

set privKey [new_CkPrivateKey]

# Load any type of certificate (.cer, .p7b, .pem, etc.) by calling LoadFromFile.
set success [CkCert_LoadFromFile $cert "qa_data/certs/sample_cert_a.cer"]
if {$success != 1} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkHttp $http
    delete_CkCert $cert
    delete_CkPrivateKey $privKey
    exit
}

# Load the private key.
set bd [new_CkBinData]

set success [CkBinData_LoadFile $bd "qa_data/certs/sample_key_a.key"]
set success [CkPrivateKey_LoadAnyFormat $privKey $bd "privateKeyPasswordIfNecessary"]
if {$success != 1} then {
    puts [CkPrivateKey_lastErrorText $privKey]
    delete_CkHttp $http
    delete_CkCert $cert
    delete_CkPrivateKey $privKey
    delete_CkBinData $bd
    exit
}

# Associate the private key with the cert.
set success [CkCert_SetPrivateKey $cert $privKey]
if {$success != 1} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkHttp $http
    delete_CkCert $cert
    delete_CkPrivateKey $privKey
    delete_CkBinData $bd
    exit
}

# Set the certificate to be used for mutual TLS authentication
# (i.e. sets the client-side certificate for two-way TLS authentication)
set success [CkHttp_SetSslClientCert $http $cert]
if {$success != 1} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkHttp $http
    delete_CkCert $cert
    delete_CkPrivateKey $privKey
    delete_CkBinData $bd
    exit
}

# At this point, the HTTP object instance is setup with the client-side cert, and any SSL/TLS
# connection will automatically use it if the server demands a client-side cert.

delete_CkHttp $http
delete_CkCert $cert
delete_CkPrivateKey $privKey
delete_CkBinData $bd